Trending:

Google Project Zero team discloses a "high severity" flaw discovered in macOS kernel

Apple Incorporated Modi ji Justin Trudeau Trending

Home
Tech
News & Analysis
Google Project Zero team discloses a "high severity" flaw discovered in macOS kernel

Google Project Zero team discloses a "high severity" flaw discovered in macOS kernel

tech2 News Staff • March 6, 2019, 21:06:56 IST

Whatsapp Facebook Twitter

The macOS kernel flaw grants the attacker to modify a mounted filesystem without user’s knowledge

Subscribe Join Us

Add as a preferred source on Google

Prefer
Firstpost On
Google

Google Project Zero team discloses a "high severity" flaw discovered in macOS kernel

Google Project Zero, the tech giant’s security research unit known for sniffing out bugs and security flaws within systems, have discovered a major flaw in the macOS kernel.

macOS-Mojave-1024

The team has disclosed a “high severity” macOS kernel flaw that “grants an attacker to modify a user-owned mounted filesystem without the macOS memory manager’s knowledge.” In other words, a hacker can gain complete control of a user’s macOS system. Apparently, **Google** disclosed the flaw to Apple back in November 2018. Project Team Zero’s 90-day disclosure policy means that the flaw is now public and Apple, despite having 90 days to fix the issue, hasn’t done so yet. Google has labelled the issue as “high vulnerability.” As detailed in the Chromium bug tracker, the Project Zero team explained that they found a loophole in the copy-on-write (CoW) protection system of macOS which manages the computer’s memory and ensures that a process doesn’t change the data shared by other processes. “This copy-on-write behaviour works not only with anonymous memory but also with file mappings. This means that after the destination process has started reading from the transferred memory area, memory pressure can cause the pages holding the transferred memory to be evicted from the page cache. Later, when the evicted pages are needed again, they can be reloaded from the backing filesystem. This means that if an attacker can mutate an on-disk file without informing the virtual management subsystem, this is a security bug,” the Google Project Zero Team stated. Reports noted that this bug could be potentially used to exploit target macOS systems and may prove useful to cyber miscreants in ‘wider exploit chains.’ But while this flaw is said to affect any Apple laptop or desktop running macOS, 9to5Google reported that Apple has acknowledged the issue and has begun working with Google’s Project Zero team to fix the flaw. As per the report, Apple is expected to patch the issue in “a future macOS release.” However, there’s no specific timeline for this.